expat (SUSE:Linux Micro 6.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Micro 6.0 package expat, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2024-45492 — CVSS 9.8 (critical): An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit…
CVE-2024-45491 — CVSS 9.8 (critical): An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms…
CVE-2023-52425 — CVSS 7.5 (high): libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large…
CVE-2024-28757 — CVSS 7.5 (high): libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via…
CVE-2024-45490 — CVSS 7.5 (high): An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-8176 — CVSS 7.5 (high): A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When…
CVE-2019-15903 — CVSS 7.5 (high): In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a…
CVE-2025-59375 — CVSS 7.5 (high): libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for…
CVE-2026-25210 — CVSS 6.9 (medium): In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow…
CVE-2013-0340 — CVSS 6.8 (medium): expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler…
CVE-2024-50602 — CVSS 5.9 (medium): An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can…
CVE-2023-52426 — CVSS 5.5 (medium): libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
CVE-2026-32776 — CVSS 4.0 (medium): libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
CVE-2026-24515 — CVSS 2.9 (low): In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
CVE-2026-32778 — CVSS 2.9 (low): libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.